3 Replies Latest reply: Oct 19, 2012 3:15 AM by gimbal2 RSS

    javas latest security woes

    873216
      I love Java but I'm sick of Oracles sloppy security. Seems every few months we hear about another exploit. The latest may be the worst. But I need java on my web site. I just don't see any alternatives. Javascript is too limited. So is actionscript.
      I don't yet know anything about HTML5 but I doubt it has the power of Java. And I need applets that will run on Windows, OSX, and Linux. That narrows my choices down to 1 language, Java.
      Is there an alternative Java Plugin I can encourage my users to install that is more secure than the one from Oracle?
      Thanks
        • 1. Re: javas latest security woes
          Kayaman
          apchar wrote:
          I don't yet know anything about HTML5 but I doubt it has the power of Java.
          It's quite powerful. Even more powerful than Java applets, depending on what you're doing.
          Is there an alternative Java Plugin I can encourage my users to install that is more secure than the one from Oracle?
          You could try the openjdk plugin.
          • 2. Re: javas latest security woes
            969460
            I just scan my PC (Windows7) by Microsoft Security Essentials and for the first time it returned with the following result:
            Exploit:Java/CVE-2012-1723.AIH
            Exploit:Java/CVE-2012-1723.AHS
            Exploit:Java/CVE-2012-1723.AIG
            Exploit:Java/CVE-2012-1723.AHP
            Exploit:Java/CVE-2012-1723.AGZ
            Exploit:Java/CVE-2012-1723.AHZ

            Any Exploit have sited to:
            containerfile:C:\Users\Samsung\AppData\Local\Sun\Java\Deployment\cache\6.0\48\56dd1c70-7811d4ad
            file:C:\Users\Samsung\AppData\Local\Sun\Java\Deployment\cache\6.0\48\56dd1c70-7811d4ad->magica/magicb.class

            M.S:E. evaluate Higt Dangerouse the Exploit and the action maked was to remove the Exploits.

            Is it true positive Exploit or is it false-positive Exploit?
            Can the attacker confonding Us for necessary update of Java and injecting Malware?

            Oracle seem do not have any address for reporting thi accidents!
            • 3. Re: javas latest security woes
              gimbal2
              966457 wrote:
              Oracle seem do not have any address for reporting thi accidents!
              They do, when you are a paying customer.

              This is a programming forum, Google is a better place to look for information about possible exploits.